Mr Farzad Salim
| Position: | PhD Student |
| Sub-organisation: | Information Security Institute |
| Organisation: | Queensland University of Technology |
| Email: | farzad@isi.qut.edu.au |
| Personal Webpage: | www.isi.qut.edu.au/about/students/index.php?display=fsalim |
| Phone: | (07)31389561 |
| Address: | PO Box, 15393, City East, QLD 4002, Australia |
| City: | Brisbane |
| State: | QLD |
| Postcode: | 4002 |
Research Areas
- Decision Support
- Computer security
- Critical Infrastructure Protection
- Information Security
PhD Title: Adopting Economic Instruments in Designing an Access Control Mechanism
Anticipated Completion Date: 15 August 2011
PhD Abstract
Authorised users (insiders) are behind the majority of security incidents with high financial impacts. Because authorisation is the process of controlling users' access to resources, improving authorisation techniques may mitigate the insider threat. Current approaches to authorisation suffer from the assumption that users will (can) not depart from the expected behaviour implicit in the authorisation policy. In reality, however, users can and do depart from the canonical behaviour. We argue that the conflict of interest between insiders and authorisation mechanisms is analogous to the subset of problems formally studied in the field of game theory. We investigate how an authorisation control model based on insights from game theory and mechanism design can ensure users' potential misuse of a resource is explicitly considered while making an authorisation decision. We envisage the resulting authorisation model to be dynamic in the sense that its access decisions vary according to the changes in explicit factors that influence the cost of misuse for both the authorisation mechanism and the user.
Supervisor: Ed Dawson, Jason Reid, Uwe Dullack